cleantalk
Vulnerabilities and Security Researches

Newsletters, CVE-2023-4797

CVE, Research URL

CVE-2023-4797

Home page URL

Security reports for Newsletters

Application

Newsletters

Published on
Jan 16, 2024
Research Description
The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.
Affected versions
Min -, max 4.9.3.
Status
vulnerable
Previous vulnerability researches
Newsletters (CVE-2024-37227) , Jun 24, 2024
Newsletters (CVE-2024-47346) , Oct 01, 2024
Newsletters (CVE-2024-7411) , Aug 16, 2024
Newsletters (CVE-2024-35718) , Jun 09, 2024
Newsletters (CVE-2024-13739) , Mar 23, 2025
New vulnerability
Frontend Dashboard (CVE-2025-4474) , May 14, 2025
Frontend Dashboard (CVE-2025-4473) , May 14, 2025
Easy FancyBox – WordPress Lightbox Plugin (CVE-2025-3597) , May 14, 2025
Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! (CVE-2025-26841) , May 14, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-47682) , May 14, 2025